Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-30845

Wekan is an open source kanban tool built with Meteor. In versions 8.31.0 through 8.33, the board composite publication in Wekan publishes all integration data for a board without any field filtering, exposing sensitive fields including webhook URLs and authentication tokens to any subscriber...

8.2CVSS5.7AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 7:33 p.m.5 views

EUVD-2026-10063

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

9.3CVSS5.8AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2025/12/15 2:15 p.m.6 views

CVE-2025-65779

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...

7.5CVSS0.0027EPSS
Exploits0References4
CVE
CVE
added 2025/12/15 12:0 a.m.10 views

CVE-2025-65779

Wekan up to version 18.15 is affected; fixed in 18.16. An unauthenticated attacker can update a board's sort value because Boards.allow returns true without verifying userId, enabling arbitrary reordering of boards. Affected: Wekan (Open Source Kanban board) prior to 18.16. Impact: potential alte...

7.5CVSS6.7AI score0.0027EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/15 12:0 a.m.4 views

CVE-2025-65779

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value Boards.allow returns true without verifying userId, allowing arbitrary reordering of boards...

7.5CVSS6.9AI score0.0027EPSS
Exploits0References6
CVE
CVE
added 2025/12/15 12:0 a.m.10 views

CVE-2025-65782

Wekan up to v18.15 is affected by an authorization flaw in card update handling that lets board members or other authenticated users add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting. The issue is fixed in v18.16. Affected compone...

6.5CVSS6.6AI score0.00225EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder